From owner-freebsd-security Wed Jun 26 18:42:43 2002 Delivered-To: freebsd-security@freebsd.org Received: from router.drapple.com (12-225-0-33.client.attbi.com [12.225.0.33]) by hub.freebsd.org (Postfix) with ESMTP id D895D37DA9A; Wed, 26 Jun 2002 18:14:31 -0700 (PDT) Received: from work.drapple.com (work [192.168.1.10]) by router.drapple.com (8.9.3/8.9.3) with ESMTP id SAA01036; Wed, 26 Jun 2002 18:15:10 -0700 (PDT) (envelope-from mark@work.drapple.com) Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: Date: Wed, 26 Jun 2002 18:14:30 -0700 (PDT) From: Mark Hartley To: Robert Watson Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv Cc: freebsd-security@FreeBSD.ORG Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 27-Jun-02 Robert Watson wrote: > > On Wed, 26 Jun 2002, Mark Hartley wrote: > >> Are there other common applications (not rebuilt by the world) that many >> of us are likely to be running which are going to need to be rebuilt >> (i.e. Apache, pop3 servers, db servers, etc)? >> >> I'm not really sure how to even know if an application would be >> statically linked against libc. Maybe someone with a clue could post >> some instructions on how to check out if an app is statically linked >> against libc, then we could test our own apps and rebuild as needed. >> Anyone have an easy way that we can tell? > > I just sent out some instructions in another mail, but the basic gist is > that you run the 'file' command on the binaries you're worried about, and > make sure they are dynamically linked. If the binary is statically > linked, or it's dynamically linked against an older libc, it will need to > be rebuilt. > > Assuming they dynamically link against the current (fixed) version of the > libc library, then restarting the application without rebuilding should be > sufficient. Note that if the daemon is actually *running* when you > replace libc, you'll need to restart it so it picks up the new library > version. It does no good to replace the daemon on disk, but have the > running version be the old one. > > Let me know if you have any questions. I figured the reboot of the whole system I did (after going through the whole build and install of kernel & world), should have taken care of making sure any dynamically linked stuff is using the new & improved libc. So far I've only found a few apps that didn't get rebuilt that appear to be statically linked, and most of them are Kerberos tools (not sure why they weren't rebuilt with world), but I don't use Kerberos or run any Kerberos services. So far, it appears that a cvsup and rebuild of world is all that I'm going to need to do. Kudos to the FreeBSD developers for making such a sweet system. Mark. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message